High severityNVD Advisory· Published May 8, 2026· Updated May 18, 2026
CVE-2026-44127
CVE-2026-44127
Description
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <15.0.4
Patches
Vulnerability mechanics
References
2News mentions
1- SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic AccessThe Hacker News · May 19, 2026